users@jersey.java.net

[Jersey] @Context SecurityContext not initialized with SSL client certs

From: Christopher Larrieu <larrieu_at_jlab.org>
Date: Mon, 14 May 2012 11:03:30 -0400

I'm authenticating the client via SSL. SecurityContext is not being set.

I had to inject the Grizzly-specific Request to get the peer certs via the connection's SSLEngine.

The following example illustrates the issue I am having. (I'm using jersey-grizzly2, version 1.12)

Thanks for any assistance,

Chris


=====================================
Resource:
=====================================
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.x500.X500Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import org.glassfish.grizzly.http.server.Request;
import org.glassfish.grizzly.ssl.SSLUtils;

@Path("/hello")
public class Hello {
        @GET
        @Produces("text/plain")
        // ThreadLocal<Request> is the Grizzly-specific injectable that jersey-grizzly2 registers for the container
        public String get(@Context SecurityContext sec, @Context ThreadLocal<Request> request) throws SSLPeerUnverifiedException {
                System.out.println("Hello.get()");
                try {
                        // Expected to reflect the SSL client authentication, but throws UnsupportedOperationException instead
                        System.out.printf("sec.isSecure()=%s%n",sec.isSecure());
                        System.out.printf("sec.getUserPrincipal()=%s%n",sec.getUserPrincipal());
                }
                catch (Throwable t) {
                        System.out.println(t);
                        System.out.println("Oops. Looks like SecurityContext is not set. I wonder why?");
                }
                // Workaround: read the peer certificate from the SSLEngine bound to the underlying Grizzly connection
                Request r = request.get();
                X500Principal p = (X500Principal) SSLUtils.getSSLEngine(r.getContext().getConnection()).getSession().getPeerPrincipal();
                // CANONICAL form lower-cases attribute types, so "cn=" is stable; the split still truncates a CN that contains a comma
                String cn = p.getName("CANONICAL").split("cn=")[1].split(",")[0];
                System.out.printf("cn=%s%n",cn);
                System.out.println("Oh, that's nice. I can get the client certs via the Grizzly connection-specific SSLEngine. But that's kind of a hack.");
                return String.format("Hello, %s",cn);
        }
}


=====================================
Output:
=====================================
Hello.get()
java.lang.UnsupportedOperationException
Oops. Looks like SecurityContext is not set. I wonder why?
cn=larrieu
Oh, that's nice. I can get the client certs via the Grizzly connection-specific SSLEngine. But that's kind of a hack.


=====================================
Server entry point:
=====================================
import java.net.URI;
import javax.net.ssl.SSLContext;
import org.glassfish.grizzly.http.server.HttpHandler;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import com.sun.jersey.api.container.ContainerFactory;
import com.sun.jersey.api.container.grizzly2.GrizzlyServerFactory;
import com.sun.jersey.api.core.PackagesResourceConfig;
import com.sun.jersey.api.core.ResourceConfig;

// Class name is assumed; the post shows only the main method
public class Main {
        // BASE_URI is not shown in the original post; https on 8443 is an assumed value
        private static final String BASE_URI = "https://localhost:8443/";

        public static void main(String[] args) {
                try {
                        URI uri = new URI(BASE_URI);
                        // ServerCertificateManager is the poster's own helper that supplies the server-side SSLContext
                        SSLContext ssc = ServerCertificateManager.getSSLContext();
                        // Server-mode engine that requires (not merely requests) a client certificate
                        SSLEngineConfigurator sec = new SSLEngineConfigurator(ssc).setClientMode(false).setNeedClientAuth(true);
                        ResourceConfig rc = new PackagesResourceConfig("org.jlab.scicomp.server.resources");
                        HttpHandler handler = ContainerFactory.createContainer(HttpHandler.class, rc);
                        HttpServer https = GrizzlyServerFactory.createHttpServer(uri, handler, true, sec);
                        https.start();
                        System.in.read();
                }
                catch (Exception e) {
                        e.printStackTrace();
                }
        }
}
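As a way to move the per-resource hack above into one place, here is an added example (not from the post and not Jersey's own code): a Jersey 1.x ContainerRequestFilter that reads the peer principal from the Grizzly SSLEngine, parses the DN with LdapName instead of String.split, and installs a SecurityContext so that @Context SecurityContext in the resource reports the client-certificate identity. It assumes the Grizzly ThreadLocal<Request> injectable is available to filter classes as it is to resources; the class and field names are invented.

```java
import java.security.Principal;
import javax.naming.InvalidNameException;
import javax.naming.ldap.*;
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;
import javax.ws.rs.core.*;
import org.glassfish.grizzly.http.server.Request;
import org.glassfish.grizzly.ssl.SSLUtils;
import com.sun.jersey.spi.container.*;

// Hypothetical filter (added here; not from the post and not Jersey's own code):
// builds the SecurityContext from the client certificate on the Grizzly SSL connection.
public class ClientCertSecurityContextFilter implements ContainerRequestFilter {
        // The same Grizzly-specific injectable the resource in the post uses (assumed to work in filters).
        @Context
        private ThreadLocal<Request> grizzlyRequest;

        @Override
        public ContainerRequest filter(ContainerRequest request) {
                SSLEngine engine = SSLUtils.getSSLEngine(grizzlyRequest.get().getContext().getConnection());
                if (engine == null) return request;      // plain (non-TLS) connection: stay anonymous
                final X500Principal peer;
                try {
                        peer = (X500Principal) engine.getSession().getPeerPrincipal();
                } catch (SSLPeerUnverifiedException e) {
                        return request;                  // no verified client chain: stay anonymous
                }
                final String cn = commonName(peer);
                final Principal principal = new Principal() {
                        public String getName() { return cn; }
                };
                request.setSecurityContext(new SecurityContext() {
                        public Principal getUserPrincipal() { return principal; }
                        public boolean isUserInRole(String role) { return false; } // no role mapping here
                        public boolean isSecure() { return true; }
                        public String getAuthenticationScheme() { return SecurityContext.CLIENT_CERT_AUTH; }
                });
                return request;
        }

        // Parse the DN with LdapName rather than String.split, so a CN containing a comma
        // or an escaped character is not truncated; falls back to the full DN if there is no CN.
        static String commonName(X500Principal p) {
                try {
                        for (Rdn rdn : new LdapName(p.getName()).getRdns())
                                if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
                } catch (InvalidNameException e) { /* unparseable DN: fall through */ }
                return p.getName();
        }
}
```

Register it before the container is created with rc.getProperties().put(ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS, ClientCertSecurityContextFilter.class.getName()); the resource then sees sec.isSecure() as true and sec.getUserPrincipal().getName() as the certificate CN without touching Grizzly itself.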